On May 30, 2017, security researchers outside China discovered a local privilege escalation vulnerability in sudo on Linux. The vulnerability is CVE-2017-1000367. It affects almost all Linux operating systems.

Alibaba Cloud Security reminds you to track this vulnerability and install patches promptly to prevent attackers from exploiting it to escalate privileges.

See the following for more information about the vulnerability.

CVE identifier

CVE-2017-1000367

Vulnerability name

Sudo local elevation of privilege vulnerability

Vulnerability rating

High

Vulnerability description

When determining tty data, sudo fails to parse /proc/[pid]/stat correctly. A local attacker can exploit this issue to overwrite any file in the file system and, by bypassing policy, escalate from an ordinary account to root privileges.

Condition and method of exploitation

This vulnerability can be exploited locally.

Affected scope

Sudo 1.8.6p7 to 1.8.20. Because the affected versions vary from vendor to vendor, see the information announced by the specific vendor.

Red Hat Enterprise Linux 6 (sudo)

Red Hat Enterprise Linux 7 (sudo)

Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)

Debian wheezy

Debian jessie

Debian stretch

Debian sid

Ubuntu 17.04

Ubuntu 16.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

openSUSE

Unaffected versions:

CentOS and Red Hat security versions:

CentOS/RHEL 7: 1.8.6p7-22.el7_3

CentOS/RHEL 6: 1.8.6p3-28.el6_9

CentOS/RHEL 5: 1.7.2p1-30.el5_11

Ubuntu security versions:

Ubuntu 14.04 LTS: 1.8.9p5-1ubuntu1.4

Ubuntu 16.04 LTS: 1.8.16-0ubuntu1.4

Ubuntu 16.10 LTS: 1.8.16-0ubuntu3.2

Debian security versions:

Debian 7 (wheezy): 1.8.5p2-1+nmu3+deb7u3

Debian 8 (jessie): 1.8.10p3-1+deb8u4

SUSE/openSUSE security versions:

1.8.10p3-2.11.1

1.8.10p3-10.5.1

Vulnerability detection

Run the following command to check the sudo version:

sudo -V

Use the provided package manager to check the sudo version:

For CentOS and Red Hat, run the rpm -qa | grep sudo command to check the sudo version.

For Ubuntu and Debian, run the dpkg -l sudo command to check the sudo version.

How to fix or mitigate

Currently, the updates have been synchronized to Alibaba Cloud software sources. For more information, see the vendor announcements in Intelligence source. You can run the following command to install the patches: